Ali Golestan
Reputation: 160
how to add multiple roles to an admin user in Apache tomcat 8?
Recently i've installed an apache tomcat 8. my tomcat-users.xml contains this:
<tomcat-users>
<role rolename="admin-gui"/>
<user username="tomcat" password="pass1234" roles="admin-gui"/>
</tomcat-users>
I want to enable openning manager app and server status on this user too. can anyone help me on this ?
Upvotes: 3
Views: 3955
Answers (1)
Sahil Ali
Reputation: 342
Adding multiple roles might be achieved by the following in tomcat-users XML file
<user username="craigmcc" password="secret" roles="standard,manager-script" />
The manager GUI is given access via the role "manager-gui". The server status is given via role "manager-script".
But the manager-script role is not provided with CSRF. Hence, it is not advisable to have one user with both GUI and SCRIPT roles.
In your Tomcat- check the error pages for 403. It has most of the details that i provided above.
NOTE: This is in reference to Tomcat 7.
Upvotes: 1
Related Questions
- Unable to enter the Tomcat6-admin page after defining new role
- Get all users and roles in Java webapp
- How to get all roles list from Tomcat in Java EE application
- How to setup Tomcat web.xml and context.xml for 2 different (user and admin) authentication
- j_security_check on tomcat with 2 user roles
- Apache Tomcat - Is it possible to add new users in tomcat-users.xml via Admin console?
- Setting up manager role for Tomcat 7
- How to add group in tomcat-users.xml?
- Tomcat Web Application Manager - is it possible to limit what each user role can see?
- JAAS - isUserInRole returns false for all roles in Tomcat